Java web application taking more time to login

We are having a java based web application, a custom one. Our users have reported that it is taking more time to login to the application. It is taking 50s to 75s for login. I took the stack trace during login. But i am not able to find anything from it. In fact, i didn't understand much from the java console output. Are there any good links from where i can get to know how to understand these java console output.

Hi @Anand,
first of all, breathe. I don't know how you took that stack trace during login, but it would be interesting to know what happens upon login. From a business perspective. Do you need to call multiple third party services to fetch some data? Is it a small application with a local database? Did it always take so long to login? Did it suddenly change?

Also, on second thought are we talking about "logging in" or actually "starting up" the application?

I don't think the stack trace would tell you much. Treat this like you would debug any issue: try to reproduce it locally, and if you can, add code that measures which parts of the login take up how much time. That should point you to where the time is spent, and where you need to focus further investigation.

You can post the Java console output as text, but please only short, relevant excerpts, not hundreds of lines.

When you are using the J2EE standard authentication system, that's very low overhead and the only time login is likely to be if whatever credentials service your Realm invokes is bogged down. That would normally show up as OS resource overhead.

On the other hand, if you are foolhardy enough to be using a Do-it-Yourself "security" system (perhaps designed by the local genius), all bets are off. In many cases, such systems marshal all sorts of resources when you log in, up to and including yanking in massive amounts of user profile-related data from a database. Systems like this are not merely security exploits waiting to happen (unless you're a trained full-time security professional, it doesn't matter how "clever" you are, chances are your Pride and Joy can be shredded in 15 minutes or less by a determined invader and often not even a very technically skilled one). In addition to insecurity, they're often not properly load-tested. Too often in-house designed security work is an annoyance rather than the most critical part of the system.

Long story short. If you're using J2EE container security, I can probably help. If you're using a standard package like Spring Security, we have a forum for that, too. But if you're using DIY security, it's ultimately an applications program problem and since there's no standard for application-designed security, you're just going to have to treat it like any other application performance problem.

And, incidentally, I don't think this has anything to do with JNLP Web Start. This question would have been better posted to a server or webapp forum.